mirror of
https://github.com/GMWalletApp/epusdt.git
synced 2026-07-07 18:26:16 +00:00
feat: return initial admin password from install flow
This commit is contained in:
@@ -118,6 +118,55 @@ func TestUpdateAdminUserPasswordHardDeletesInitialPasswordPlaintext(t *testing.T
|
||||
}
|
||||
}
|
||||
|
||||
func TestUpdateAdminUserPasswordHardDeletesPlaintextWithoutHashMetadata(t *testing.T) {
|
||||
cleanup := testutil.SetupTestDatabases(t)
|
||||
defer cleanup()
|
||||
|
||||
const (
|
||||
oldPassword = "legacy-init-pass"
|
||||
newPassword = "new-password-456"
|
||||
)
|
||||
if err := upsertSettingRow(dao.Mdb, mdb.Setting{
|
||||
Group: mdb.SettingGroupSystem,
|
||||
Key: mdb.SettingKeyInitAdminPasswordPlain,
|
||||
Value: oldPassword,
|
||||
Type: mdb.SettingTypeString,
|
||||
}); err != nil {
|
||||
t.Fatalf("seed plaintext setting: %v", err)
|
||||
}
|
||||
|
||||
hash, err := HashPassword(oldPassword)
|
||||
if err != nil {
|
||||
t.Fatalf("hash password: %v", err)
|
||||
}
|
||||
user := &mdb.AdminUser{
|
||||
Username: defaultAdminUsername,
|
||||
PasswordHash: hash,
|
||||
Status: mdb.AdminUserStatusEnable,
|
||||
}
|
||||
if err := dao.Mdb.Create(user).Error; err != nil {
|
||||
t.Fatalf("seed admin user: %v", err)
|
||||
}
|
||||
|
||||
if err := UpdateAdminUserPassword(uint64(user.ID), newPassword); err != nil {
|
||||
t.Fatalf("update admin password: %v", err)
|
||||
}
|
||||
|
||||
var count int64
|
||||
if err := dao.Mdb.Unscoped().
|
||||
Model(&mdb.Setting{}).
|
||||
Where("`key` = ?", mdb.SettingKeyInitAdminPasswordPlain).
|
||||
Count(&count).Error; err != nil {
|
||||
t.Fatalf("count plaintext setting: %v", err)
|
||||
}
|
||||
if count != 0 {
|
||||
t.Fatalf("plaintext setting rows after password change = %d, want 0", count)
|
||||
}
|
||||
if !GetSettingBool(mdb.SettingKeyInitAdminPasswordFetched, false) {
|
||||
t.Fatal("expected fetched flag to be true after clearing plaintext")
|
||||
}
|
||||
}
|
||||
|
||||
func TestEnsureDefaultAdminPurgesLegacySoftDeletedPlaintext(t *testing.T) {
|
||||
cleanup := testutil.SetupTestDatabases(t)
|
||||
defer cleanup()
|
||||
@@ -164,3 +213,55 @@ func TestEnsureDefaultAdminPurgesLegacySoftDeletedPlaintext(t *testing.T) {
|
||||
t.Fatalf("legacy plaintext rows after ensure = %d, want 0", count)
|
||||
}
|
||||
}
|
||||
|
||||
func TestEnsureDefaultAdminRollsBackWhenInitialPasswordStateFails(t *testing.T) {
|
||||
cleanup := testutil.SetupTestDatabases(t)
|
||||
defer cleanup()
|
||||
|
||||
if err := dao.Mdb.Exec(`
|
||||
CREATE TRIGGER fail_initial_password_state
|
||||
BEFORE INSERT ON settings
|
||||
WHEN NEW.key = 'system.init_admin_password_plain'
|
||||
BEGIN
|
||||
SELECT RAISE(FAIL, 'forced initial password state failure');
|
||||
END;
|
||||
`).Error; err != nil {
|
||||
t.Fatalf("create failure trigger: %v", err)
|
||||
}
|
||||
|
||||
password, created, err := EnsureDefaultAdmin()
|
||||
if err == nil {
|
||||
t.Fatal("expected EnsureDefaultAdmin to fail")
|
||||
}
|
||||
if created || password != "" {
|
||||
t.Fatalf("created=%v password=%q, want no created admin on failure", created, password)
|
||||
}
|
||||
|
||||
var adminCount int64
|
||||
if err := dao.Mdb.Model(&mdb.AdminUser{}).Count(&adminCount).Error; err != nil {
|
||||
t.Fatalf("count admin users after failure: %v", err)
|
||||
}
|
||||
if adminCount != 0 {
|
||||
t.Fatalf("admin users after failed initial password state = %d, want 0", adminCount)
|
||||
}
|
||||
|
||||
if err := dao.Mdb.Exec(`DROP TRIGGER fail_initial_password_state`).Error; err != nil {
|
||||
t.Fatalf("drop failure trigger: %v", err)
|
||||
}
|
||||
|
||||
password, created, err = EnsureDefaultAdmin()
|
||||
if err != nil {
|
||||
t.Fatalf("retry EnsureDefaultAdmin: %v", err)
|
||||
}
|
||||
if !created || password == "" {
|
||||
t.Fatalf("retry created=%v password=%q, want new admin with password", created, password)
|
||||
}
|
||||
|
||||
got, err := GetInitialAdminPassword()
|
||||
if err != nil {
|
||||
t.Fatalf("get initial password after retry: %v", err)
|
||||
}
|
||||
if got != password {
|
||||
t.Fatalf("initial password after retry = %q, want %q", got, password)
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user